Following the Steem incident, at the beginning of this year, Justin Sun, a topical figure in the currency circle, was once again caught up in allegations of governance attacks. As a giant whale holding more than $1 billion in crypto assets and the founder of the Tron public chain, Justin Sun’s on-chain address is widely tracked by crypto detectives.
According to the GFX Labs report, in January 2022, on-chain records showed that an address suspected of belonging to Justin Sun borrowed a large amount of $MKR from AAVE, and proposed to create a DAI-TUSD trading pair within the community to support the exchange of the two at a fixed 1:1 exchange rate . After the behavior was noticed, it was resisted by the community, and the address did not initiate a proposal with these $MKR, but returned it directly. In March, another address suspected to belong to Justin Sun borrowed a large amount of $COMP from Compound, worth about $13 million, and deposited it into Binance. Soon, a new address received $COMP worth about $9 million from Binance, The address used these $COMP to initiate a proposal to add TUSD as a collateral asset on Compound, which was ultimately rejected by a vote with broad community participation.
Although both operations ended in failure, the incident sparked discussions on DeFi governance in the industry. Some people think that it is unacceptable for giant whales to use “money power” to directly affect governance decisions, and DeFi governance should not be reduced to money politics. Moreover, giant whales use their own financial resources to compete for asset access qualifications in DeFi, which will help increase the price of governance tokens, which in turn will help motivate more people and more funds to participate. Why not do it?
Those who take the latter point of view cite the success of the Curve protocol’s liquidity incentives as their main argument. As an AMM trading market focused on stablecoins, Curve has created a liquidity incentive method: providing liquidity providers of different trading pairs with different levels of $CRV rewards. The percentage of votes received. This mechanism has triggered fierce competition among stablecoin project parties in governance voting, historically known as “Curve War”. Many stablecoin project parties have tried their best to gain more voting rights and strive for more liquidity.
Since 2020, the Curve protocol has been implementing such liquidity incentives, which has made the Curve protocol a huge success . By triggering the Curve War, the price of $CRV is increased, and the increase in the price of $CRV stimulates more funds to provide liquidity for the Curve protocol, and the increase in liquidity further intensifies the Curve War, the perfect flywheel effect!
No one thinks Curve’s governance is kidnapped by money politics, but Curve War has a genius project looking for loopholes in the rules: Mochi Protocol
Perhaps inspired by the flywheel effect of Curve War, Mochi Protocol also intends to open its own flywheel effect. Mochi Protocol uses its governance token $MOCHI INU to incentivize the liquidity of its USDM stablecoin in Curve, and uses its large holdings of $MOCHI INU to mint a large amount of USDM out of thin air. Mochi Protocol then exchanged these USDM for DAI, used DAI to buy $CVX (the governance token of Convex Protocol, which holds a large amount of CRV voting power) to further compete for liquidity, and continued to use this liquidity to exchange USDM for DAI , then buy $CVX again, and the cycle goes on and on. When the liquidity of USDM reached 100 million US dollars, Mochi Protocol began to cash out and run away, exhausting the liquidity in the pool, making the USDM hook invalid and completing the harvest of liquidity providers.
Using CVX to vote in Convest can indirectly influence the vote of the veCRV in the Convest vault, the process is simplified in the diagram.
At this point, you may be ambivalent about money politics in DeFi governance: on the one hand, it may bring success to the protocol, but on the other hand, it may expose the risk of governance attacks and whale manipulation. If we don’t change our perspective, it is difficult for us to jump out of our intuition about money politics and see the real problems in DeFi governance.
The real problem in DeFi governance
Paka Labs believes that there are two key problems with the current DeFi governance mechanism:
First, governance leverage
The whale’s participation in governance itself is beyond reproach. The problem lies in the suspected $COMP and $MKR used by Justin Sun’s address to participate in governance from borrowing, not his long-term holdings. If the address adds some kind of high-control assets to the protocol, it is entirely possible for him to use the protocol as his cash machine by “printing money”, and he hardly needs to bear the price downside risk of $COMP or $MKR. This does not meet the principle of incentive compatibility. The address borrows governance tokens through a decentralized lending protocol, and still needs to provide its own collateral. In fact, if the borrower does not have sufficient collateral assets, it can also borrow governance tokens from others by issuing bond derivatives. .
In Curve War, there is a lot of bribery, and Curve War’s participating projects use small rewards to motivate other people with voting rights to vote according to their will. Of course, the “poor” here is relative to their direct purchase of these voting rights. (Election bribery also involves using economic incentives to get others to delegate votes to themselves, which is not present in Curve War since there is no delegation mechanism in Curve’s governance.)
Borrowing votes and bribery provides leverage for governance participants, disproportionate to the amount of voting power they receive and the responsibilities they need to assume.
In addition, for many DeFi protocols, the governance participation rate is too low, resulting in a very low proportion of voting rights to decide important matters involving major funds or resources, which is a natural leverage. For example, on June 19, Solend made a decision to take over the assets of a giant whale with hundreds of thousands of dollars in voting rights, which is staggering. The resolution was repealed with a new proposal due to strong community opposition.
In conclusion, there is financial leverage in governance voting, which is an important issue that truly threatens governance fairness and security.
Second, no one guards
The governance of DeFi is more complex than other types of DAO governance, because the resources owned by DeFi are not only the funds in the protocol Treasure, but also the funds in the TVL (in fact, the ownership of the funds in the TVL does not belong to the DeFi protocol itself, which is also The reason why Solend took over the giant whale account caused huge controversy), for DeFi protocols, the most critical resources are often non-financial resources. E.g:
- Collateral Asset Whitelist in Lending Agreement
- Liquidity Resources in DEX
The allocation of non-financial resources of the protocol through governance voting cannot be simply understood as a pure governance behavior, but has a certain nature of resource sales. From this perspective, Curve War can be understood as Curve’s auction of its own liquidity resources. Since it’s not politics, it doesn’t matter money politics. (Governance tokens carry the power to allocate valuable resources, which is why the price continues to skyrocket after Compound officially announced that $COMP has no financial value. Those smart money have long realized this!)
The real risk is when no one audits the access to the asset. Let’s compare the listing process of a centralized exchange. If a Web3 project is to be listed on a centralized exchange, most of the time it needs to pay a listing fee. In addition, the centralized exchange will conduct a background check on the project. , if the back adjustment fails, the token will not be listed. Responsible exchanges probably will not adopt the “you can enter with money” listing policy. However, many DeFi protocols do not have any risk control audit measures for the access of assets. This analogy is not entirely appropriate, but it can illustrate certain problems.
Although community members can spontaneously pay attention to governance proposals, they can also mobilize more members to reject proposals to add malicious assets by voting against them, just like Compound and MakerDAO rejected proposals for suspected Justin Sun addresses. However, this kind of spontaneous supervision by community members lacks the main body of responsibility and professional ability. It is not a solid net, and there will always be “fish that slip through the net”. For example, the February 15th proposal for a governance attack on Build Finance passed without the community noticing, with a small number of votes controlled by the attackers. The attack made the protocol vault assets almost zero, making Build Finance a complete failure, and it would be difficult to turn around again.
In order to protect the funds of DeFi participants, we need a more rigorous asset access review mechanism.
How to remove governance leverage?
We need to crack down on the means by which governance levers are used.
▸ Defensive borrowing: exchange lock-up for governance rights
First, borrowing is relatively easy to defend, and both time-weighted voting and reputation-based voting can reduce the impact of borrowing. In fact, Curve’s governance already employs time-weighted voting. Curve’s governance power is achieved by voting with veCRV instead of CRV, and veCRV needs to be obtained by locking CRV. The longer the lock-up time, the more veCRV will be obtained. For example, if you lock the position for 4 years, you can get 1 veCRV, and if you lock the position for 1 year, you can only get 0.25 veCRV.
There are two key points here. First, veCRV cannot be transferred. The reason why users can lend veCRV to Convex, StakeDAO or Yearn Finance in Curve War is because Curve has whitelisted a few entities; The $CRV of veCRV is gradually approaching the expiration time, and the amount of veCRV will decay linearly. To maintain the same voting rights, users need to constantly refresh the lock-up time.
The lock-up mechanism makes it impossible for anyone to obtain a large number of voting rights through short-term borrowing. If you want to get more voting rights, you must extend the borrowing time, which will bring huge costs to the borrowers.
We believe that the mainstream DeFi protocols in the future are likely to evolve to a time-weighted mechanism similar to Curve, or to a more complex reputation voting mechanism, and more and more new protocols will tend to no longer adopt the simple 1T1V mechanism.
▸ Defense against bribery: privacy technology may be a hope
Election bribery is relatively difficult to defend against.
Although election bribery exists in real politics, it is not a climate. Because the characteristics of secret ballots are: after the voter throws the ballot into the ballot box, the third party cannot know which option the voter voted for, and even the voter himself is difficult to produce reliable evidence to prove to the briber that he voted for a certain option. option, which leaves no credible basis for vote-buying deals.
On the chain, the information of vote bribery is highly visible and easy to verify for vote bribers, while the identity information of the subjects involved in vote bribery can be hidden, making it difficult to be held accountable. This is almost perfect soil for building a vote-buying market. In Curve War, vote bribery has become a regular means of participating in war projects, and even special vote bribery service platforms have emerged. By using these platforms, token rewards can be exchanged for users’ votes.
veCRV election bribery platform:
vlCVX election bribery platform:
Bride Protocol is more blatantly claiming to be a general election bribery platform, and under the banner of “helping DAOs to increase governance participation rate” and “helping governance token holders to extract governance value”, it intends to make the word “election bribery” popular. Become a neutral word in the context of DeFi governance. It’s true that vote bribery can increase governance participation rates, but it’s not this falsely high participation rate that DeFi protocols want to see.
In theory, the protocol can actively block the votes from the vote bribery platform and deprive the voting rights of the vote bribery votes, but this is based on the information disclosure of the vote bribery platform. If the vote bribery platform runs on a private server, or uses privacy technology on the blockchain development, then there is nowhere to start with active shielding. In the article “The Other Side of DAOs: On-Chain Voting and the Rise of Dark DAOs”, a feasible way to use TEE hardware to build a covert vote-buying trading platform is described.
Hostess from NFT collection The Robbery by Cherry_Pie_NFT
So can we build a governance system where voting information is invisible? For example, by using privacy technology, the voting information of a single user is no longer visible on the chain, and the outside world can only see the final verifiable voting result. Not only that, the voting user cannot show the bribe a credible proof to prove his vote. Which option was given, or to whom the ticket was delegated. This article provides an idea of to attract new ideas, and I hope that industry partners will discuss and explore together.
It should be noted that even the most perfect technology cannot completely eliminate vote bribery. For example, vote bribery transactions that rely on acquaintances cannot be prevented. What we can do is to prevent vote bribery from forming an efficient market, so that DeFi governance is not completely alienated by widespread vote bribery.
▸ Improve governance participation rate: governance parties and governance incentives
Even some benchmark protocols in the DeFi industry may not have a high governance participation rate. For example, Compound’s governance participation rate is only about 5%. This provides incentives for some to take advantage of the agreement by holding voting power. The low turnout also prompted some protocols to achieve greater leverage through multiple layers of indirect governance, as detailed in Fei-Index-Aave’s fairy operation.
From the perspective of practical democracy, people always try to get more people to vote, but from the perspective of protocol governance security, the goal should be to get more votes invested in governance. If we change the target, we can find a new idea of governance – the agreement party.
Although some protocols have developed liquid democracy mechanisms that allow people to delegate governance tokens to others to indirectly participate in governance. However, this mechanism has been hampered by some factors and cannot greatly improve the governance participation rate.
- Unless you are deeply involved in the community and know who are active contributors and their governance voting propensity, you still don’t know who to delegate votes to;
- Delegated voters are inconsistently active, and they are not asked to remain active, may actively participate in a few votes and never vote again, and delegators don’t seem to always pay attention to whether they should change their delegation, which makes some Tickets fell silent for a long time;
- Most protocols do not provide incentives for participating in governance, which makes token holders more willing to put governance tokens in DeFi to earn interest.
This can be improved by introducing a coalition with a specific voting preference, which we might call a “party of agreement”. The parties of agreement promise voters to vote responsibly to obtain votes, and parties of agreement employ experts to carefully study each decision to do so.
Of course, in order for the protocol parties to have the motivation to participate in governance responsibly, and for the token holders to have the incentive to delegate their votes to the protocol parties, the protocol needs to provide sufficient incentives to governance participants. The existence of governance incentives, which is equivalent to taxing those who do not participate in governance, helps to awaken silent votes. Governance incentives are divided into two parts, one part is the reward issued for locking the governance token, which is a bit like the staking reward in the PoS public chain, and the other part is the reward for voting behavior, such as how many times the number of votes can be rewarded, this part Rewards can be given to governance in the form of subsidies. The source of rewards can be inflationary issuance or protocol profits.
It should be noted here that the agreement party should not issue its own governance token, otherwise it will create opportunities for doll-type leverage governance similar to Fei-Index-Aave. Even if the agreement party issues the governance token, it should not govern itself through its own governance. Voting directly determines the voting of the votes it holds on behalf of, but a professional committee should be appointed to make voting decisions.
At present, WildFireDAO has been created as a protocol party and actively participates in the governance of multiple protocols. Rabbithole has also created its own governance committee, which is responsible for participating in the governance voting of the protocols it holds. Looking forward to the future evolution of the agreement party!
How to set up the gatekeeping mechanism?
After Mochi’s governance attack, Curve disqualified Mochi Protocol from competing for liquidity through governance. However, compared with the ex-post “asset liquidation”, we need an ex-ante asset access link to resist fraud, and better To ensure the security of DeFi participants’ funds.
As mentioned earlier, in most of DeFi’s current asset access mechanisms, as long as you have enough money, you can get enough voting rights to put any assets you want to add into a DeFi: or as a Collateral for lending protocols, or as a reserve asset for stablecoins, or being allowed to join a specific trading pair, brings exposure to governance attacks. By removing governance leverage, we can make it more expensive for attackers to gain voting rights, but beyond that, DeFi protocols should have a gatekeeping mechanism that acts as the ultimate security shield against malicious assets being added.
It is inappropriate for many token holders to review the access of assets, otherwise it will return to the original problem. The voting rights may be captured by attackers in a short period of time to implement governance attacks, and it is impossible for all voters to do anything to the assets. Responsible background checks. The feasible way is for voters to formulate a review standard and appoint a risk control team to back-tune the asset and decide whether to release it.
It should be noted that once the standard is formulated, the review committee has no power to release assets that do not meet the standard, or prevent assets that meet the standard from being added, otherwise the protocol can remove or change committee members through governance votes. Of course, the audit standard is only a few paragraphs of text after all, and in practice there must be the discretion of the audit committee. However, the audit criteria should be as clear as possible (for example, a scale can be used to assess the degree of decentralization of an asset) to reduce the possibility of fraud or bribery of the audit committee. It’s like the separation of law and judiciary in realpolitik.
In fact, in Compound and SushiSwap, there is a structure similar to the “Senate”, and the “Senate” can have the right to veto all governance proposals, even those approved by high votes. In practice, the “Senate” also assumes the role of asset access review and is responsible for rejecting proposals for malicious assets to be added. However, this mechanism is also controversial: supporters believe that the power of the Senate and the power of governance votes can be checked and balanced, achieving a bicameral structure similar to that in democratic politics, while opponents believe that the Senate, which can veto all proposals, is entirely possible Be the dictator of the agreement.
We think there are two core points here:
- The scope of the Senate’s power, in addition to the veto power of proposals, whether there are other powers, in some governance structures, the Senate also has the authority to suspend the agreement, start emergency proposals, etc. In some DeFi protocols in the early stage of development, the Senate has all the superpowers. Permission to update the protocol code at any time. The different scope of authority determines the nature of the Senate – dictator or goalkeeper. However, for the relatively early development of DeFi, since the code is not yet mature and the economic system has not been verified, it is also helpless to let the dictator be the goalkeeper;
- The election and removal of members of the Senate is determined by a governance vote. This determines whether the Senate is an independent entity of power, or just a proxy agency authorized by the governance vote.
In conclusion, we believe that it is necessary to have a committee authorized and overseen by governance voting to be responsible for asset auditing. This committee can be a separate department or can be concurrently served by the “senator” of the protocol.
With the development of DeFi, some protocols have become the infrastructure of Web3, possessing the attributes of public goods and protecting the financial security of participants, which is the bottom line of the development of DeFi. Risk factors mainly exist in two aspects. One is that governance power may be amplified by financial leverage, resulting in unequal governance of rights and responsibilities. The other is the lack of a reliable asset access review process (gatekeeping mechanism), even for fraudsters. No one refuses, and you can add any asset to the DeFi protocol if you have money.
This article provides several methods for eliminating governance leverage. Among these methods, the use of lock-up mechanisms to defend against borrowing has been widely used, and the use of governance parties and governance incentives to increase governance participation rates are also being practiced one after another. Only bribery is still tricky The problem is that the idea of using privacy technology to defend against election bribery provided in this article has a high technical threshold and cannot be realized in the short term. This article also provides suggestions for setting up a gatekeeping mechanism, that is, entrusting a risk control team to investigate and review the assets added to the DeFi license according to established principles. However, in the governance practice of DeFi, there may be more sophisticated ways to solve the above problems. We will continue to pay attention and study where the governance of DeFi is going.
 Tron’s Justin Sun Accused of ‘Governance Attack’ on DeFi Lender Compound
 Avoiding governance attacks, the governance experience of blue-chip DeFi
 The right to benefit and governance of CRV
 A Comprehensive Research on DAO’s Security by Fairyproof
 Solend governance turmoil
 The Other Side of DAOs: On-Chain Vote Bribery and the Rise of Dark DAOs
 Build Finance DAO Suffers Governance Takeover Attack
 The voting rate of the seven proposals of Compound is only 5%. Is DAO really the final form of democracy?
 The Curve Emergency DAO has killed the USDM gauge
 Metagovernance in Crypto
 Introducing Wildfire DAO
 From v0 to v1: RabbitHole Metagovernance Pod Learnings
Posted by:CoinYuppie，Reprinted with attribution to:https://coinyuppie.com/rethinking-the-governance-crux-of-defi-protocols/
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.